
Friday, December 12, 2014

Android: get sha from *.apk file; validate *.apk content; check apk integrity

An apk file might get corrupted while it is transferred over a network. If the file is signed with a certificate (most Android applications are signed by the publisher), you can check the file integrity from the command line before installing the application. The following methods check the certificate and validate the apk file contents.



keytool -list -printcert -jarfile app-sa.apk

(java/jre/bin/keytool)


 Signer #1:  
   
 Signature:  
   
 Owner: CN=Somevalue, OU=Developers, O=Somevalue. Somevalue, L=Somevalue, ST=Somevalue, C=PL  
 Issuer: CN=Somevaluei, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL  
 Serial number: Somevalue  
 Valid from: Thu Jul 17 11:25:00 CEST 2014 until: Mon Jul 11 11:25:00 CEST 2039  
 Certificate fingerprints:  
       MD5: 11:11:11:11:11:11:11:11:11:11:A3:D8:B5:11:11:11  
       SHA1: 11:11:11:11:11:11:11:11:11:0D:42:BC:2D:01:11:11:11:11:11:11  
       SHA256: 11:11:11:11:11:11:11:11:11:11:11:11:D4:7C:B7:1C:C8:14:8E:43:11:11:11:11:11:11:11:11:3E:11:11:11  
       Signature algorithm name: SHA256withRSA  
       Version: 3  
   
 Extensions:   
   
 #1: ObjectId: 2.5.29.14 Criticality=false  
 SubjectKeyIdentifier [  
 KeyIdentifier [  
 0000: 11 11 11 11 11 11 11 11  11 11 11 11 11 11 36 F3 ..]....%.B....6.  
 0010: 11 11 11 11                    ....  
 ]  
 ]  
   



jarsigner -verbose -verify -certs app-sa.apk

(java/jre/bin/jarsigner)


 sm    162096 Thu Dec 11 16:39:46 CET 2014 resources.arsc

      X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
      [certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
      [CertPath not validated: Path does not chain with any of the trust anchors]

sm    4416396 Thu Dec 11 16:40:46 CET 2014 classes.dex

      X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
      [certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
      [CertPath not validated: Path does not chain with any of the trust anchors]

sm       621 Thu Dec 11 16:40:48 CET 2014 androidannotations-api.properties

      X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
      [certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
      [CertPath not validated: Path does not chain with any of the trust anchors]

s      32963 Thu Dec 11 16:40:50 CET 2014 META-INF/MANIFEST.MF

      X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
      [certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
      [CertPath not validated: Path does not chain with any of the trust anchors]

       32984 Thu Dec 11 16:40:50 CET 2014 META-INF/CERT.SF
        1495 Thu Dec 11 16:40:50 CET 2014 META-INF/CERT.RSA

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.
The second method (jarsigner) verifies the apk contents as well.
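
An added example, not part of the original post: "jar verified." only shows that the contents match the certificate embedded in the file, and the "CertPath not validated" lines above mean that certificate is not anchored to a trusted CA, so this script compares the SHA256 fingerprint printed by keytool with one obtained from the publisher and lists entries that lack the "s" flag. The function names and the constructed sample listing are assumptions, and the parsing assumes the English output format shown above.

```shell
#!/bin/sh
# Added example, not from the original post.

# stdin: `keytool -list -printcert -jarfile` output; prints the SHA-256 fingerprint.
cert_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# stdin: `jarsigner -verbose -verify` output; prints entries lacking the "s" flag.
# Signature files in META-INF (*.SF, *.RSA, *.DSA, *.EC) never carry it and are skipped.
unsigned_entries() {
    awk '{
        if ($1 ~ /^[0-9]+$/ && NF >= 8) { flags = ""; n = 8 }        # no flag column
        else if ($2 ~ /^[0-9]+$/ && NF >= 9) { flags = $1; n = 9 }   # flags, then size
        else next                                                     # not an entry line
        name = $n
        for (i = n + 1; i <= NF; i++) name = name " " $i              # names with spaces
        if (name ~ "^META-INF/[^/]*[.](SF|RSA|DSA|EC)$") next
        if (flags !~ /s/) print name
    }'
}

# Usage: verify_apk FILE EXPECTED_SHA256 (assumes keytool and jarsigner are on PATH;
# EXPECTED_SHA256 is the publisher fingerprint obtained over a trusted channel).
verify_apk() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    got=$(keytool -list -printcert -jarfile "$1" | cert_sha256)
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "signer certificate does not match the pinned fingerprint" >&2; return 1
    fi
    out=$(jarsigner -verbose -verify -certs "$1") || return 1
    printf '%s\n' "$out" | grep -q '^jar verified' || return 1
    bad=$(printf '%s\n' "$out" | unsigned_entries)
    if [ -n "$bad" ]; then printf 'not covered by the signature:\n%s\n' "$bad" >&2; return 1; fi
}

# Constructed sample in the output format shown above; extra.dex was added after signing.
SAMPLE='sm    162096 Thu Dec 11 16:39:46 CET 2014 resources.arsc
         1024 Thu Dec 11 17:02:10 CET 2014 assets/extra.dex
s      32963 Thu Dec 11 16:40:50 CET 2014 META-INF/MANIFEST.MF
       32984 Thu Dec 11 16:40:50 CET 2014 META-INF/CERT.SF
        1495 Thu Dec 11 16:40:50 CET 2014 META-INF/CERT.RSA'
printf '%s\n' "$SAMPLE" | unsigned_entries   # prints assets/extra.dex
```

jarsigner checks only the JAR-style (v1) signature; an apk signed only with APK Signature Scheme v2 or later needs `apksigner verify` from the Android SDK build tools instead.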


